Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

Checkmarx-style supply chain attack hits password manager Bitwarden

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...
The Hacker NewsOpinion

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they ...

Former Michigan staffer says Sherrone Moore had 'complete control over me'

Former Michigan football staffer Paige Shiver spoke with ABC News about her relationship with Sherrone Moore, saying he had ...

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...
LGBTQ Nation

Dems pass “profound” law to protect trans kids who change their names

Colorado Governor Jared Polis (D) has signed a law to protect trans children by sealing name changes for those who are under ...

Facebook account takeover scam left one distant friend out $3,000

One victim thought she was buying a tractor that could help a man pay medical bills. But no, fraudsters hacked someone else's ...
The Indiana Lawyer

From sports stars to the attorney general himself, Hoosiers have unclaimed property

An unclaimed $49.14 check from Warner Brothers Studio to NBA legend Reggie Miller remains unclaimed 21 years later. As does the $38.57 in wages owed to former Colts quarterback Andrew Luck since 2015 ...
Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Real estate boom pushes hills to the edge in Mussoorie

Despite repeated court interventions, buildings mushroom unchecked, raising the risks of landslides and lasting environmental damage ...